| Field | Value |
|---|---|
| Publication number | US7072964 B1 |
| Application number | US 09/653,201 |
| Publication date | 4 Jul 2006 |
| Filing date | 31 Aug 2000 |
| Priority date | 31 Aug 1999 |
| Also published as | US20060227786 |
| Publication number | 09653201, 653201, US 7072964 B1, US 7072964B1, US-B1-7072964, US7072964 B1, US7072964B1 |
| Inventors | Bryan Whittle, Kaj Tesink |
| Original Assignee | Science Applications International Corporation |
|Patent Citations (15), Non-Patent Citations (10), Referenced by (46), Classifications (12), Legal Events (6)|
This application claims priority to the following provisional patent application, which is incorporated herein by reference in its entirety:
(1) Provisional Application Ser. No. 60/151,563, titled “Method & Apparatus For a Globalized Automotive Network & Exchange,” filed on Aug. 31, 1999, and having reference no. 99,532 (479.83581).
1. Field of the Invention
The present invention relates to virtual private networks. More particularly, the present invention relates to virtual private networks in which, within each virtual private network, the trading partners can use multiple service providers. The end-to-end service quality of the connection within the virtual private network is guaranteed to meet minimum requirements. The end-to-end service quality encompasses numerous factors including: network services; interoperability; performance; reliability; disaster recovery and business continuity; security; customer care; and trouble handling. The system and method of the present invention is directed to the interconnection of multiple virtual private networks, each having multiple service providers. Furthermore, the present invention encompasses a system and method for interconnecting multiple interconnect providers, such as exchange points, exchange networks, direct connect or transit service providers, between the multiple virtual private networks. Finally, the present invention employs an end-to-end overseer across the multiple virtual private networks.
2. Description of the Related Art
Early in 1994, the automotive industry recognized the need for global network services that would support new, more demanding automotive business applications. The purpose of this network service was to simplify complex, redundant, outdated connection methods while minimizing costs and ensuring the management, security, reliability, and performance essential to the automotive industry. Transmission Control Protocol/Internet Protocol (TCP/IP) was endorsed as the standard suite for electronic data communications.
Ultimately in 1995, the industry formed a Telecommunications Project Team to oversee the design and development of a common global communication infrastructure supporting automotive industry application initiatives (later called the Automotive Network eXchange (ANX) Implementation Task Force). The Task Force, in June 1997, published the initial results of the technical design process for this new network service, called the Automotive Network eXchange (ANX), in “ANX Release 1 Draft Document Publication” (TEL-2 01.00). This reference is incorporated herein by reference in its entirety. The TEL-2 specification undergoes constant updating and correction.
The ANX system is a business-to-business communications infrastructure that provides a uniform, secured link between trading partners, such as manufacturers and suppliers, in the automotive industry. The ANX is a subscription-based network composed of Certified Service Providers (CSP). CSPs are providers of IP network service that have satisfied certain end-to-end service quality requirements. CASPs are certificate authority service providers. The Certified Exchange Point Operator (CEPO) provides services to interconnect CSPs. CEPOs also must satisfy certain end-to-end service quality requirements.
Trading Partners (TP) are registered end users, or subscribers, of the ANX system such as automotive parts manufacturers, suppliers, original equipment manufacturers, and car manufacturers. The ANX system allows TPs to communicate, exchange information, and transact business with other TPs over the ANX network. The TP may utilize any TCP/IP-compliant application program to exchange information with other TPs. The registered TP selects the TPs with which it wants to communicate and thereafter may gain access to and receive communications from those selected TPs. As a result, the ANX system allows each TP to develop its own virtual private network with its customers and vendors.
The ANX system significantly reduces the complexity of connecting to multiple trading partners. Without it, because the trading partners use diverse communication protocols, a separate link is required to reach each trading partner.
By having a single private network operated under a uniform protocol, interconnectivity between various trading partners is substantially simplified. In addition, ANX offers improved end-to-end service quality. For example, if an auto manufacturer needs to place with its parts supplier an order for car seats, the manufacturer may submit over the ANX system its confidential CAD drawings directly to the supplier. The manufacturer may also complete the supplier's own order form and submit it over the ANX system in a timely manner, relying on the system's high reliability and performance.
The CSP and the CEPO must satisfy certain performance and security requirements in order to be certified under the ANX. The certification process is disclosed in ANX Release 1 Document Publication (TEL-2 02.00), which is incorporated herein by reference in its entirety.
The ANX VPN permits the use of a plurality of different IPSec devices. By virtue of the TEL-2 specification and the certification process all of the designated IPSec devices are guaranteed to communicate with one another across the ANX VPN.
While the ANX was originated out of the need to interconnect automotive related companies, it is not limited to that industry. Any company/industry may become a TP, e.g. an aerospace company, a healthcare company, etc. ANX has become known as the Advanced Network eXchange.
With the advent of the Internet, global communication has become a reality. While the Internet works well for non-mission critical applications, such as transmitting and receiving e-mail and hosting websites, it has some drawbacks for business-to-business commerce and communication that require stringent end-to-end service quality. Quality concerns are in the area of end-to-end service quality as explained previously.
For example, when two companies want to communicate over the Internet, the lag between the systems at each company will be different virtually every time. The connection each has through its service provider, i.e. 14.4K, 28.8K, 56K, ISDN, DSL, T1, etc., plus the number of servers through which the connection is directed contribute to the resulting time lag between the two companies. Depending upon the type of information transmitted, the two parties may require a maximum acceptable time lag. Due to the nature of the Internet, it cannot guarantee such a maximum time lag. Furthermore, the two companies may desire that service assistance be available at certain times or 24 hours a day. The Internet has no such guarantees for help availability in a multi-provider environment. Such a lack of guaranteed bandwidth, latency and reliability are major impediments to business-to-business commerce and communication over the Internet.
In recent years the number of electronic viruses and hacker attacks has increased dramatically. A company considering conducting business-to-business commerce over the Internet runs the risk of making its intranet vulnerable to such viruses and attacks, with the potential related loss of data.
In order to address the security issue, some companies have developed virtual private networks (VPNs). Secure VPNs permit a company to communicate with any other entity on the network without the risk of increased vulnerability to viruses and hackers. However, while VPNs can connect to other VPNs over the Internet by providing authentication, access control, confidentiality and data integrity, there is still no way the end-to-end quality of the connection can be guaranteed to meet a required set of minimum standards in a multi-provider setting.
A secure VPN is a communication network that is secured with encryption and authentication. Secure VPNs are based on multiple technologies, for example IPSec, tunneling, certification and shared secret authentication. IPSec is the security standard established by the Internet Engineering Task Force (IETF). Tunneling permits private networks to cross the Internet using unregistered IP addresses.
From the foregoing, it is desirable to provide a system and method for interconnecting multiple VPNs each using multiple service providers while offering a minimum standard of end-to-end service quality.
The system and method of the present invention utilizes an overseer that defines the service quality, continually qualifies service providers as meeting that service quality, and resolves end-to-end issues across multiple interconnected virtual private networks, such as the ANX. When connecting multiple virtual private networks according to the system and method of the present invention, multiple interconnect providers are interconnected, and the manner in which these interconnect providers are interconnected so that the quality and reliability standards are met is another aspect of the present invention.
Certification of IPSec devices permits interoperability for encryption, integrity and authentication across the products of all IPSec vendors. When two subscriber companies both use certified IPSec equipment, they can provide each other with controlled access to each other's networks.
Based on the foregoing, an object of the present invention is to provide a system and method of interconnecting multiple VPNs each using multiple service providers while offering a minimum standard of end-to-end connection quality and reliability.
Another object of the present invention is to provide a system and method of interconnecting multiple VPNs having an overseer that resolves end-to-end issues across multiple virtual private networks.
Still another object of the present invention is to provide a system and method of connecting multiple virtual private networks in which multiple interconnect providers are interconnected so that the end-to-end service quality is met.
The foregoing and other attributes of the present invention will be described with respect to the following drawings in which:
Each virtual private network 20 and 22 is shown having a trading partner (TP) 24 and 26, respectively. While
The end-to-end service quality, provided by the present system and method of interconnecting multiple virtual private networks, cannot be achieved by simply interconnecting two virtual private networks, such as 20 and 22, with a wire. The end-to-end service quality incorporates a user-centric philosophy, where the user is the TP or subscriber. The user is guaranteed a minimum level of service encompassing factors that include: network services; interoperability; performance; reliability; disaster recovery and business continuity; security; customer care; and trouble handling. Simply connecting the two virtual private networks 20 and 22 with a wire will not achieve the minimum satisfactory levels for these factors.
To achieve such minimum levels of satisfactory performance for these factors the system and method must include a way to resolve disputes between the two virtual private networks. Referring to
One resolution is shown in
One configuration for governance of multiple interconnected VPNs is shown in
The GOVER is responsible for end-to-end quality assurance, and in particular acts as an inter-VPN interconnection certifier. The GOVER certifies interconnection facilities, and certifies a global CASP—CASP trust model. The GOVER also is an inter-VPN arbitrator that steps in when POVERs cannot resolve trouble between them.
Since the VPNs are used to running their networks in isolation, the interconnection of multiple VPNs has unique issues such as resolving trouble and conflicts between the VPNs and maintenance of minimum end-to-end service quality across the multiple programs. Since the system and method of the present invention are directed to providing specific end-to-end service quality, it must be possible for TPs to quantify the end-to-end service quality levels, and these service quality levels must be sufficient to allow applications to work across the multiple VPNs. Therefore, a high level of metric compatibility and measurement techniques are required.
In the ANX type VPN each TP, CSP and CEP must meet specified criteria to become certified and to maintain that certification. The certification provides the TPs or subscribers with confidence that the level of transport and security will meet their business needs. The ANX type VPN utilizes multiple CSPs. On one level it is easier to run a VPN where all TPs are required to use a single CSP. The use of multiple CSPs in the ANX type VPN fosters competition between the CSPs and allows the VPN to reach TPs that may not be serviced by a single CSP. The implementation of multiple CSPs, however, brings with it the drawback of ensuring that the CSPs can talk to one another. Whether the connection from one TP to another TP within the same VPN is through a single CSP or two CSPs should be invisible to the TPs. The TPs need never know when one or more CSPs are used for any particular connection. The certification process ensures that the TPs use one of the certified IPSec devices at their premises, and that the CSPs will utilize certified equipment and meet certain metrics so as to achieve the end-to-end service quality guaranteed to the TPs. In this manner, the multiple CSPs will be able to communicate with one another. The CSPs must meet business criteria, technical metrics, ongoing monitoring, trouble-handling criteria, routing registry criteria, and domain name registry criteria to achieve and maintain certification.
The technical metrics for achieving end-to-end service quality in the ANX-type network include among other metrics, latency and availability.
The outline for how trouble is handled within the ANX-type VPN is shown in
A key to providing predictable end-to-end service quality is that the TPs must know the level of service they receive. To this end four service provider accountability levels exist. First, service providers, both interconnect providers and CSPs, must timely fix infrequent service provider troubles. Second, there must be end-to-end service provider cooperation to handle any troubles. Third, recourse must be provided to resolve disputes in the event of disagreement between CSPs and/or interconnect providers. Fourth, recourse must be provided to resolve continued non-compliance with the end-to-end service quality.
The GOVER/POVER model is but one way to oversee the end-to-end service quality and metric compatibility. How the ANX-type networks are connected will be discussed below. In this context there must be five key types of end-to-end technology compatibility: (1) network interconnection, that ensures a trading partner on one VPN can reach any trading partner on the other VPN; (2) routing compatibility, that ensures any trading partner on one VPN can logically reach any TP on the other VPN; (3) naming compatibility, e.g. so that the web names or e-mail names of any trading partner on one VPN can be resolved to an address that is routable over the two VPNs; (4) IPSec compatibility; and (5) digital security certificate compatibility across multiple VPNs. While
Returning to the GOVER/POVER model for overseeing interconnected VPNs;
When expanding from a single VPN to interconnected VPNs the inherent costs of running the system naturally increase. How such costs are distributed is an important part of the system. As shown in
There are multiple methods of interconnecting multiple VPNs with interconnect providers. As shown in
How the multiple VPNs interconnect will directly affect the resulting end-to-end service quality.
As stated previously, while the end-to-end service quality is based upon the TEL-2 specification, the degree to which the TEL-2 specification needs to be modified to interconnect multiple VPNs depends upon the chosen complexity of the interconnection. An xNX-type VPN uses a maximum of two CSPs between any two TPs. A larger value, either three or four, is needed for multiple VPNs. The interconnect provider will account for one additional CSP, and for the configuration set forth in
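The technical metrics named earlier (latency and availability) and the CSP-count rule in this paragraph can be composed into a small model of what a TP is actually promised across a multi-provider path. The following Python is an added example, not code from the patent or from the ANX program; the provider names, per-segment latency and availability figures, and the target thresholds are constructed for illustration, and the model assumes segment outages are independent so that availabilities multiply along a serial path. It generalizes the text slightly by treating an interconnect provider as one more CSP on the path, which is what the paragraph states.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Segment:
    """One provider on the path between two trading partners (TPs)."""
    name: str            # provider label (constructed)
    role: str            # "CSP", "CEPO" or "INTERCONNECT"
    latency_ms: float    # latency this segment adds, one way (constructed)
    availability: float  # fraction of time the segment is up (constructed)


@dataclass(frozen=True)
class Target:
    """Minimum end-to-end service quality promised to a TP (constructed)."""
    max_latency_ms: float
    min_availability: float
    max_providers: int   # CSPs plus interconnect providers allowed on the path


def end_to_end(path: List[Segment]) -> Dict[str, float]:
    """Compose per-segment figures into end-to-end figures.

    Segments are traversed in series, so latencies add and availabilities
    multiply (assumes segment outages are independent). An interconnect
    provider counts as one additional CSP, so the provider count covers
    both CSP and INTERCONNECT segments.
    """
    latency = sum(s.latency_ms for s in path)
    availability = 1.0
    for s in path:
        availability *= s.availability
    providers = sum(1 for s in path if s.role in ("CSP", "INTERCONNECT"))
    return {"latency_ms": latency, "availability": availability,
            "providers": providers}


def check(path: List[Segment], target: Target) -> List[str]:
    """Return the list of target violations (empty when the path complies)."""
    m = end_to_end(path)
    problems = []
    if m["latency_ms"] > target.max_latency_ms:
        problems.append(f"latency {m['latency_ms']:.1f} ms exceeds "
                        f"{target.max_latency_ms:.1f} ms")
    if m["availability"] < target.min_availability:
        problems.append(f"availability {m['availability']:.5f} below "
                        f"{target.min_availability:.5f}")
    if m["providers"] > target.max_providers:
        problems.append(f"{m['providers']} CSP/interconnect providers exceed "
                        f"the limit of {target.max_providers}")
    return problems


def weakest_segment(path: List[Segment]) -> str:
    """Name the segment contributing the most downtime, i.e. the provider an
    overseer would first ask to fix a reliability shortfall."""
    return min(path, key=lambda s: s.availability).name


# Constructed sample paths; the figures are illustrative, not measured.
INTRA_VPN_PATH = [
    Segment("CSP-A", "CSP", 10.0, 0.999),
    Segment("CEPO-X", "CEPO", 2.0, 0.9999),
    Segment("CSP-B", "CSP", 12.0, 0.999),
]
INTER_VPN_PATH = [
    Segment("CSP-A", "CSP", 10.0, 0.999),
    Segment("CEPO-X", "CEPO", 2.0, 0.9999),
    Segment("IXP-1", "INTERCONNECT", 5.0, 0.998),
    Segment("CEPO-Y", "CEPO", 2.0, 0.9999),
    Segment("CSP-D", "CSP", 15.0, 0.999),
]
SINGLE_VPN_TARGET = Target(max_latency_ms=50.0, min_availability=0.995,
                           max_providers=2)
MULTI_VPN_TARGET = Target(max_latency_ms=80.0, min_availability=0.995,
                          max_providers=4)

if __name__ == "__main__":
    cases = (("intra-VPN path", INTRA_VPN_PATH, SINGLE_VPN_TARGET),
             ("inter-VPN path, single-VPN limits", INTER_VPN_PATH,
              SINGLE_VPN_TARGET),
             ("inter-VPN path, multi-VPN limits", INTER_VPN_PATH,
              MULTI_VPN_TARGET))
    for label, path, target in cases:
        print(label, end_to_end(path), check(path, target) or "compliant")
    print("weakest segment on inter-VPN path:", weakest_segment(INTER_VPN_PATH))
```

Running the block shows the point the paragraph makes: the same inter-VPN path that passes the relaxed multi-VPN target fails the single-VPN target solely on the provider count, even though its latency and availability are within bounds, so the TEL-2 limits have to be revised before two such VPNs can be joined.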
Having described several embodiments of the system and method for interconnecting multiple virtual private networks in accordance with the present invention, it is believed that other modifications, variations and changes will be suggested to those skilled in the art in view of the description set forth above. It is therefore to be understood that all such variations, modifications and changes are believed to fall within the scope of the present invention as defined in the appended claims.
| Cited Patent | Filing date | Publication date | Applicant | Title |
|---|---|---|---|---|
| US6079020 * | 27 Jan 1998 | 20 Jun 2000 | Vpnet Technologies, Inc. | Method and apparatus for managing a virtual private network |
| US6097722 * | 13 Dec 1996 | 1 Aug 2000 | Nortel Networks Corporation | Bandwidth management processes and systems for asynchronous transfer mode networks using variable virtual paths |
| US6104701 | 5 Aug 1997 | 15 Aug 2000 | International Business Machines Corporation | Method and system for performing a least cost routing function for data communications between end users in a multi-network environment |
| US6141409 * | 13 Nov 1997 | 31 Oct 2000 | Ameritech | Method of operating a virtual private network |
| US6148337 * | 1 Apr 1998 | 14 Nov 2000 | Bridgeway Corporation | Method and system for monitoring and manipulating the flow of private information on public networks |
| US6173399 * | 12 Jun 1997 | 9 Jan 2001 | Vpnet Technologies, Inc. | Apparatus for implementing virtual private networks |
| US6175917 * | 23 Apr 1998 | 16 Jan 2001 | Vpnet Technologies, Inc. | Method and apparatus for swapping a computer operating system |
| US6226748 * | 12 Jun 1997 | 1 May 2001 | Vpnet Technologies, Inc. | Architecture for virtual private networks |
| US6226751 * | 17 Apr 1998 | 1 May 2001 | Vpnet Technologies, Inc. | Method and apparatus for configuring a virtual private network |
| US6609153 * | 24 Dec 1998 | 19 Aug 2003 | Redback Networks Inc. | Domain isolation through virtual network machines |
| US6694437 * | 22 Jun 1999 | 17 Feb 2004 | Institute For Information Technology | System and method for on-demand access concentrator for virtual private networks |
| US6701437 * | 9 Nov 1998 | 2 Mar 2004 | Vpnet Technologies, Inc. | Method and apparatus for processing communications in a virtual private network |
| US6751729 * | 22 Jul 1999 | 15 Jun 2004 | Spatial Adventures, Inc. | Automated operation and security system for virtual private networks |
| US6788681 * | 25 Feb 2000 | 7 Sep 2004 | Nortel Networks Limited | Virtual private networks and methods for their operation |
| US6937574 * | 16 Mar 1999 | 30 Aug 2005 | Nortel Networks Limited | Virtual private networks and methods for their operation |
| # | Non-patent citation |
|---|---|
| 1 | "ANX 101: Basic ANX Service Outline," date unknown but prior to filing date of U.S. Appl. No. 60/151,563, 274 pages, v. 1.2, 50215886.070700. |
| 2 | "ANX 101: Basic ANX Service Outline," date unknown but prior to filing date of U.S. Appl. No. 60/151,563, 476 pages, v.2, 50215886.070700. |
| 3 | "ANX 201: Advanced ANX Service Outline," 1998, 298 pages, v 1, 50215886.070700. |
| 4 | "ANX Release 1 Document Corrections," ANX(R) Overseer TEL-2 02 Corrections, May 11, 1999, pp. 114, Rev. 8a, Automotive Industry Action Group (AIAG), Southfield, Michigan, 60152104.083199. |
| 5 | "ANX Release 1 Draft Document Publication," 1997, 10 pages, Automotive Industry Action Group, Southfield, Michigan. |
| 6 | "ANX(R) Release 1 Document Publication," 1998, Part 1, pp. 1-28, Part 2, pp. 260, Part 3, pp. 20, Part 4, pp. 20, Part 5, pp. 1-20, Part 6, pp. 17, AIAG TEL-2 02, Automotive Industry Action Group. |
| 7 | "ANXO Certificate Authority Service and Directory Service Definition for ANX Release 1, including Requirements on ANX CSP/CEPO Certificate Authorities," May 9, 1997, pp. 5-24, Issue 1, Revision 1, AIAG Telecommunications Project Team (TPT) and Bellcore. |
| 8 | "ANXO Certification Process and ANX Registration Process Definition for ANX Release 1," May 30, 1997, pp. 1-37, Issue 1, Revision 4, AIAG Telecommunications Project Team (TPT) and Bellcore. |
| 9 | "Metrics, Criteria, and Measurement Technique Requirements for ANX Release 1," Jun. 16, 1997, pp. 8-107, AIAG Telecommunications Project Team (TPT) and Bellcore. |
| 10 | ANX IPsec Certificate Profile, "Appendix A, Certificate Profile for ANZX IPsec Certificates," date unknown but prior to filing date of U.S. Appl. No. 60/151,563, pp. 1-2, Version 1.0, 50215886.070700. |
| Citing Patent | Filing date | Publication date | Applicant | Title |
|---|---|---|---|---|
| US7426384 * | 13 Jul 2005 | 16 Sep 2008 | Vodafone Group Plc | Network communication system including a database of codes and corresponding telephone numbers |
| US7921211 | 17 Aug 2007 | 5 Apr 2011 | Virnetx, Inc. | Agile network protocol for secure communications using secure domain names |
| US7933990 | 16 Aug 2007 | 26 Apr 2011 | Virnetx, Inc. | Agile network protocol for secure communications with assured system availability |
| US7945654 | 17 Aug 2007 | 17 May 2011 | Virnetx, Inc. | Agile network protocol for secure communications using secure domain names |
| US7987274 | 16 Aug 2007 | 26 Jul 2011 | Virnetx, Incorporated | Method for establishing secure communication link between computers of virtual private network |
| US7996539 | 13 Dec 2005 | 9 Aug 2011 | Virnetx, Inc. | Agile network protocol for secure communications with assured system availability |
| US8051181 | 27 Feb 2007 | 1 Nov 2011 | Virnetx, Inc. | Method for establishing secure communication link between computers of virtual private network |
| US8458341 | 23 Dec 2011 | 4 Jun 2013 | Virnetx, Inc. | System and method employing an agile network protocol for secure communications using secure domain names |
| US8504696 | 27 Dec 2011 | 6 Aug 2013 | Virnetx, Inc. | System and method employing an agile network protocol for secure communications using secure domain names |
| US8504697 | 28 Dec 2011 | 6 Aug 2013 | Virnetx, Inc. | System and method employing an agile network protocol for secure communications using secure domain names |
| US8516117 | 25 Apr 2011 | 20 Aug 2013 | Virnetx, Inc. | Agile network protocol for secure communications with assured system availability |
| US8516131 | 23 Dec 2011 | 20 Aug 2013 | Virnetx, Inc. | |
| US8521888 | 4 Jan 2012 | 27 Aug 2013 | Virnetx, Inc. | |
| US8554899 | 17 May 2012 | 8 Oct 2013 | Virnetx, Inc. | Agile network protocol for secure communications using secure domain names |
| US8560705 | 3 Jan 2012 | 15 Oct 2013 | Virnetx, Inc. | |
| US8572247 | 16 Mar 2011 | 29 Oct 2013 | Virnetx, Inc. | Agile network protocol for secure communications using secure domain names |
| US8843643 | 25 Jul 2013 | 23 Sep 2014 | Virnetx, Inc. | |
| US8850009 | 6 Jun 2013 | 30 Sep 2014 | Virnetx, Inc. | |
| US8868705 | 13 Sep 2012 | 21 Oct 2014 | Virnetx, Inc. | Agile network protocol for secure communications using secure domain names |
| US8874771 | 16 Aug 2007 | 28 Oct 2014 | Virnetx, Inc. | Agile network protocol for secure communications with assured system availability |
| US8904516 | 6 Jun 2013 | 2 Dec 2014 | Virnetx, Inc. | |
| US8943201 | 31 Oct 2011 | 27 Jan 2015 | Virnetx, Inc. | Method for establishing encrypted channel |
| US9027115 | 10 Sep 2014 | 5 May 2015 | Virnetx, Inc. | System and method for using a registered name to connect network devices with a link that uses encryption |
| US9037713 | 6 Apr 2011 | 19 May 2015 | Virnetx, Inc. | Agile network protocol for secure communications using secure domain names |
| US9038163 | 25 Jul 2013 | 19 May 2015 | Virnetx, Inc. | Systems and methods for connecting network devices over communication network |
| US9077694 | 13 Sep 2012 | 7 Jul 2015 | Virnetx, Inc. | Agile network protocol for secure communications using secure domain names |
| US9077695 | 28 May 2013 | 7 Jul 2015 | Virnetx, Inc. | System and method for establishing an encrypted communication link based on IP address lookup requests |
| US9094399 | 12 Jul 2011 | 28 Jul 2015 | Virnetx, Inc. | Method for establishing secure communication link between computers of virtual private network |
| US9100375 | 14 Sep 2012 | 4 Aug 2015 | Virnetx, Inc. | |
| US9184929 * | 26 Nov 2001 | 10 Nov 2015 | Arris Enterprises, Inc. | Network performance monitoring |
| US9374346 | 13 Sep 2012 | 21 Jun 2016 | Virnetx, Inc. | Agile network protocol for secure communications using secure domain names |
| US9386000 | 14 Sep 2012 | 5 Jul 2016 | Virnetx, Inc. | System and method for establishing a communication link |
| US9413766 | 29 Oct 2014 | 9 Aug 2016 | Virnetx, Inc. | Method for establishing connection between devices |
| US9479426 | 18 May 2012 | 25 Oct 2016 | Virnetx, Inc. | Agile network protocol for secure communications with assured system availability |
| US9819649 | 1 May 2015 | 14 Nov 2017 | Virnetx, Inc. | |
| US20030126254 * | 26 Nov 2001 | 3 Jul 2003 | Cruickshank Robert F. | Network performance monitoring |
| US20050198250 * | 8 Mar 2005 | 8 Sep 2005 | Terited International, Inc. | Network system, method and protocols for hierarchical service and content distribution via directory enabled network |
| US20060040664 * | 13 Jul 2005 | 23 Feb 2006 | Murray Richard J | Communications systems |
| US20060123134 * | 13 Dec 2005 | 8 Jun 2006 | Science Applications International Corporation | Agile network protocol for secure communications with assured system availability |
| US20060195539 * | 5 May 2006 | 31 Aug 2006 | Science Applications International Corporation | Private Network Exchange With Multiple Service Providers, Having a Portal, Collaborative Applications, and a Directory Service |
| US20070121603 * | 23 Jan 2007 | 31 May 2007 | Clark Joseph E Iii | Method and system for creating VoIP routing registry |
| US20080005792 * | 27 Feb 2007 | 3 Jan 2008 | Science Applications International Corporation | Method for establishing secure communication link between computers of virtual private network |
| US20080040783 * | 17 Aug 2007 | 14 Feb 2008 | Virnetx, Inc. | Agile network protocol for secure communications using secure domain names |
| US20080040791 * | 16 Aug 2007 | 14 Feb 2008 | Virnetx, Inc. | Agile network protocol for secure communications with assured system availability |
| US20080040792 * | 17 Aug 2007 | 14 Feb 2008 | Virnetx, Inc. | Agile network protocol for secure communications using secure domain names |
| US20110185169 * | 29 Mar 2011 | 28 Jul 2011 | Edmund Colby Munger | Agile Network Protocol For Secure Communications With Assured System Availability |
| Classification scheme | Codes |
|---|---|
| Cooperative Classification | H04L47/18, H04L47/10, H04L12/4641, H04L63/20, H04L63/0272 |
| European Classification | H04L63/02C, H04L47/10, H04L63/20, H04L47/18, H04L12/46V |
| Date | Code | Event | Details |
|---|---|---|---|
| 18 Dec 2000 | AS | Assignment | Owner name: SCIENCE APPLICATIONS INTERNATIONAL CORPORATION, CA. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:WHITTLE, BRYAN;TESINK, KAJ;REEL/FRAME:011382/0821;SIGNING DATES FROM 20000918 TO 20000927 |
| 7 Nov 2006 | AS | Assignment | Owner name: ANXEBUSINESS CORP., MICHIGAN. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:SCIENCE APPLICATIONS INTERNATIONAL CORPORATION;REEL/FRAME:018490/0568. Effective date: 20061027 |
| 8 Feb 2010 | REMI | Maintenance fee reminder mailed | |
| 24 Mar 2010 | FPAY | Fee payment | Year of fee payment: 4 |
| 24 Mar 2010 | SULP | Surcharge for late payment | |
| 6 Jan 2014 | FPAY | Fee payment | Year of fee payment: 8 |